IT Security News Blast 8-14-2017

Nowadays, Pyongyang’s focus is on outright financial theft. Cybersecurity companies have caught groups associated with North Korea stealing credit card information, attacking financial institutions, businesses and even devising malware to cheat at online poker. This stunning development should leave business owners wringing their hands – the risk of cyber theft and the subsequent reputational and financial damage it can cause are on the rise.

Fines for being hacked: If a breach is down to bad security it could cost you millions

Organisations that provide critical national infrastructure services including electricity, water, energy, transport, and healthcare could face fines of £17m or four percent of their global turnover if they fail to protect themselves from cyberattacks. The plan is being considered by the UK government as it examines how to implement the European Union’s Network and Information Systems (NIS) Directive from May 2018. The directive represents the first piece of EU-wide legislation on cybersecurity and provides legal measures in an effort to protect member states and their essential services from cyberattacks.

In a recent phone interview, Lee Kim, director of privacy and security at HIMSS, said a lack of financial resources can prevent some small practices from hiring IT professionals. That leaves such organizations at a disadvantage, as they don’t know what to prioritize. […] The survey also found 71 percent of respondents’ organizations assign a certain part of their budget to cybersecurity efforts. Of that group, 60 percent said they allocate 3 percent or more of their overall budget to such initiatives.

Cybercrime is a growing problem for many industries, but Hollywood is especially vulnerable because of the long chain of people who work on a show or movie in post-production, experts say. Studios rely on an army of freelancers for everything from special effects to musical scores, creating a vast network of targets for hackers. Bringing those workers in-house is an option but would be expensive and could limit the talent studios can tap.

A massive cyberattack that took down government websites in Venezuela earlier this week also has left seven million mobile phone users without service, the government said Thursday. A group that calls itself The Binary Guardians claimed responsibility for attacks that targeted the websites of the government, the supreme court and the National Assembly. “These terrorist actions which affected the Movilnet’s GSM platform on Wednesday left without communication seven of the state operator’s 13 million users,” Science and Technology Minister Hugbel Roa said.

The indictment against Hutchins, the British cyber-security researcher, which was due on August 8, 2017, has been postponed. Hutchins, who was detained in Las Vegas in the week of July 31, 2017 on federal charges of creating and distributing a malicious program that acquired Internet banking passwords by duping unwitting PC users, will now be indicted next week.

Russian group that hacked DNC used NSA attack code in attack on hotels

In the earlier attack, the APT 28 members used a hacking tool dubbed Responder to monitor and falsify NetBIOS communications passed over the infected networks. “Responder masquerades as the sought-out resource and causes the victim computer to send the username and hashed password to the attacker-controlled machine,” the FireEye researchers wrote. “APT 28 used this technique to steal usernames and hashed passwords that allowed escalation of privileges in the victim network.”
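The Responder technique FireEye describes works because a Windows host trusts whichever machine answers its NetBIOS name query first. One defender-side check, added here as an example and not taken from the article or from FireEye, is to broadcast an NBT-NS query for a canary name that no host on the segment owns and treat any positive NB answer as evidence of a poisoner. The functions, the canary name `CANARY-HOST` and the constructed sample reply are this example's own assumptions.

```python
import random, socket, struct

def encode_netbios_name(name, suffix=0x00):
    # First-level encoding: 15 chars space-padded + suffix byte, each nibble + 'A'
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    enc = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + enc + b"\x00"

def build_nbns_query(name, txid):
    # NBT-NS name query; flags 0x0110 = query, recursion desired, broadcast
    header = struct.pack("!HHHHHH", txid, 0x0110, 1, 0, 0, 0)
    return header + encode_netbios_name(name) + struct.pack("!HH", 0x0020, 0x0001)

def parse_nbns_response(pkt, expected_txid):
    # Return the IPs claimed in NB answer records, or [] if this is not our response
    if len(pkt) < 12:
        return []
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if txid != expected_txid or not flags & 0x8000 or an == 0:
        return []
    off, ips = 12, []
    for _ in range(qd):                            # skip echoed question section
        off = pkt.index(b"\x00", off) + 1 + 4
    for _ in range(an):                            # full encoded name, then RR fields
        off = pkt.index(b"\x00", off) + 1
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 0x0020 and rclass == 0x0001:   # NB record: NB_FLAGS(2)+NB_ADDRESS(4) each
            ips += [socket.inet_ntoa(pkt[i + 2:i + 6]) for i in range(off, off + rdlen, 6)]
        off += rdlen
    return ips

def probe_for_poisoner(canary, timeout=2.0):
    # Broadcast a query for a name no host owns; any positive answer is a likely poisoner
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.settimeout(timeout)
        sock.sendto(build_nbns_query(canary, txid), ("255.255.255.255", 137))
        try:
            data, (src, _) = sock.recvfrom(1024)
        except socket.timeout:
            return None
    ips = parse_nbns_response(data, txid)
    return (src, ips) if ips else None

def constructed_poisoned_reply(txid, name, ip):
    # Constructed sample of a positive NB answer, as a poisoner would send it (for testing)
    rr = encode_netbios_name(name) + struct.pack("!HHIH", 0x0020, 0x0001, 165, 6)
    return struct.pack("!HHHHHH", txid, 0x8500, 0, 1, 0, 0) + rr + b"\0\0" + socket.inet_aton(ip)
```

Run `probe_for_poisoner("CANARY-HOST")` on a segment where no host registers that name; a non-`None` result names the responding source and the address it tried to hand out.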

The coordinated and multifaceted Russia efforts in the 2016 election—from the attacks on the DNC and John Podesta’s email to a meeting between a Russian lawyer and Donald Trump Jr. that bears all the hallmarks of an intelligence mission—likely involved every major Russian intelligence service: the foreign intelligence service (known as the SVR) as well as the state security service (the FSB, the successor to the KGB), and the military intelligence (the GRU), both of which separately penetrated servers at the DNC.

A final rule published in the federal register by the Justice Dept. says that the Next Generation Identification (NGI) system will not be subject to several key protections and provisions covered under the Privacy Act, which allow for judicial redress and opting out of the database altogether. The rule does add that the FBI “cannot claim exemption” from one provision, which requires the agency to keep the data secure and to “protect against any anticipated threats or hazards to their security or integrity.”

In a legal filing this week, the Electronic Frontier Foundation (EFF) argues that customs officers should be required to get warrants before searching people’s mobile phones (and iPads, laptops etc.) in the same way they are typically required to do in the rest of the country. […] The Supreme Court has already recognized the difference and decided that the police are required to obtain a warrant to search the contents of the phone of someone who has been arrested, because of the Fourth Amendment’s protection against unreasonable searches, although the issue of location data is still up in the air. The EFF wants that same rule applied to phones (and laptops) at the border.

Dubbed “CouchPotato,” the tool can apparently be used to collect the stream as a video file (AVI), or to capture still images (JPG) of frames from the stream, as long as these frames are “of significant change from a previously captured frame.” To perform the video and image encoding and decoding operations, the tool leverages the free software project FFmpeg. However, many audio and video codecs, along with unnecessary features, have been removed from the FFmpeg version used by CouchPotato.

“It just defies logic that if we’re trying to increase diversity, that we would aim our recruiting efforts at a university that is not diverse,” Plunkett said. “It doesn’t mean that you don’t go there,” Plunkett said of institutions of higher education that lack diversity. “But it means if you’re trying to get a diverse population, you make sure you go to places where there are diverse candidates.”

“Cyber, really, there’s a lot of technical work to be done, but there’s a lot of work on the policy, and even on the legal, side,” said Debora Plunkett, principal at Plunkett Associates and former director of Information Assurance at the National Security Agency. “Take a risk, be willing to pick somebody who doesn’t look like you. Be willing to give somebody an opportunity who has perhaps demonstrated academic accomplishment but has not had the opportunity to apply that in the workplace.”

The hackers also published a post on Pastebin which mocked FireEye. Apart from clearly being focused on the company, which provides defensive security products and produces research into hacking campaigns, the exact motivations of the hackers remain unclear. FireEye told Motherboard on Monday it is investigating the release. “Guess what, we’re going to punish the lairs [sic], the fat riches who care only about their stock shares,” the hackers wrote in a Pastebin post on Monday.

North Korea threat: It’s vital that Trump have access to open source intelligence, best available sources

For example, OSINT suggests that North Korea may have actually conducted two additional nuclear tests several years ago which went largely unnoticed by Western media. Further, North Korea may possess an Electromagnetic Pulse (EMP) nuclear warhead that would have the ability to take out a national power grid and destroy critical infrastructure. In addition, recent OSINT now tells us that North Korean scientists have developed a quantum encryption device. This could pose a major challenge to offensive cyber operations designed to disable North Korea’s launch capabilities.

Sarahah, which has its origins in the Middle East and translates to honesty in Arabic, has recently gained popularity through Facebook, like its predecessor Sayat.me. The trend is dangerous, especially for youngsters: suicidal games like the Blue Whale Challenge, which originated in Russia and is similar to Sarahah in its anonymity factor, have already found their way to India. Apps and websites like these make it dangerously easy for cyber bullies to run riot and for inappropriate content to be exchanged among minors, and they are in general bad for one’s mental health.

Soniac was one of the three apps that made its way into Google Play, according to a blog post published Thursday by a researcher from mobile security firm Lookout. The app, which had from 1,000 to 5,000 downloads before Google removed it, provided messaging functions through a customized version of the Telegram communications program. Behind the scenes, Soniac had the ability to surreptitiously record audio, take photos, make calls, send text messages, and retrieve logs, contacts, and information about Wi-Fi access points. Google ejected the app after Lookout reported it as malicious.

The analysis judged websites’ password policies based on five criteria: a minimum threshold of eight characters in a password, mandatory use of alphanumeric characters (not just numbers), a password strength assessment display during account creation, an account lockout feature to prevent brute force attacks, and support of two-factor or multi-factor authentication. Altogether, 21 out of the 48 studied websites, or roughly 44 percent, failed the evaluation because they met fewer than three of these stated benchmarks.

The online hacktivist group Anonymous has claimed responsibility for carrying out a distributed denial-of-service (DDoS) attack on the official website of the city of Charlottesville, Virginia. The attack was conducted under the banner of OpDomesticTerrorism; as a result, the website has been forced to go offline. The motive behind this DDoS attack was to protest against the hit-and-run incident in which a number of activists were hit while protesting against the rally organized by a group of white supremacists just a couple of hours ago.


About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.